Back to the roots - 5 cloud services you shouldn't skip when starting with AWS


A popular saying is:

The first step is always the hardest.

And we’ve all been there. Getting your feet into Cloud Computing seems easy at first, because it is all around nowadays. But digging deeper, and sticking with it, can be tricky. There are a lot of services, and you might not know where to start first.

Coming from Software Development

A lot of cloud newbies come from regular software development. At some point, you come in contact with where your application is hosted. And before you know where you are, you also need to adjust a service. This is when developers are introduced to The Cloud. This means Infrastructure, Architecture and Networking - and even more new fields they have never touched before.

In this blog post, we will have a look at some often overlooked AWS services which are crucial for your successful cloud journey. It complements my “How to kick-start your Cloud Journey with AWS” talk, which I presented at several AWS User Groups this year. So sit back, grab your favourite cup of tea and take a lovely trip back to the roots. 🍵 Even if you are an experienced user, this article surely provides some new perspective on how to start with AWS.

How to get started

Many guides show that the best way to start is having a proper use case. I totally agree, but over the years I have gotten the feeling that builders often overlook the importance of services which are tightly coupled to their point of entrance. Let’s have a look at the AWS services you shouldn’t skip when starting:

  • AWS IAM - the heart of access and permission control in AWS
  • CloudTrail - the control base of all things which are happening within your account
  • CloudWatch - every ops pals' favourites: monitoring, logging and alerting
  • AWS Cost Management - the best way to make your finance team happy when you keep an eye on it
  • AWS VPC - the all-time favourite for network-lovers, but important for most of the services, as well

At some point of your cloud-journey you will have to deal with them. They are connected to almost every other service in AWS. I think it’s important to know what they do and how to use them.

IAM

As one pillar of cloud basics, the heart of access and permission control is AWS IAM and its concepts of access & authorization management. This service is crucial for all operations in AWS, as it provides not only permission management for users, but also between services and beyond. When starting with IAM, you need to distinguish between the following:

  • access management for users and groups
  • access management for services
  • access management for organisations, e.g. with AWS IAM Identity Center (Successor to AWS Single Sign-On) or Control Tower

You might not see IAM directly, but especially when you’re working with serverless services, you need to know which service should be able to communicate with which. And that’s where IAM comes into play.


  • At superluminar, we ramp up AWS for our customers using Control Tower or IAM Identity Center. However, we also help to set up best practices in user management when starting with AWS cloud computing.

One piece which is important to consider when working with IAM is the least privilege principle: give users or services the least amount of access necessary. This is extra hard when “just testing around”, because you tend to give Administrator Access very easily. But it is worth taking the extra time to think about which permissions the user or the service really needs to do the job securely. A way to analyse your policies is the IAM Access Analyzer.

CloudWatch

AWS CloudWatch provides monitoring and observability for the services you are using, collecting and tracking metrics, logs, and events. This helps in understanding your application’s performance, detecting anomalies, and enabling proactive responses to issues, e.g. with CloudWatch Alarms or Log Metric Filters. CloudWatch also offers customisable dashboards for a first overview of important metrics. You will need to work with this service sooner or later, especially when working with Lambda Functions and observing the logs. So CloudWatch is always worth a look.

CloudTrail

AWS CloudTrail enables detailed monitoring of account activities by recording all API calls and events across your resources. It helps with auditing, compliance, and security analysis, allowing users to track changes and investigate potential issues. Combined with services like CloudWatch Alarms, SNS or SQS and more, you can manage notifications for account activity. CloudTrail empowers you to maintain a secure and well-governed AWS environment. It is always worth having a look and getting to know your account-wide events.
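As an added example (not part of the original post), the following sketch shows the kind of account activity worth a notification by triaging CloudTrail records against four simple rules. The records are constructed and trimmed to the fields the rules read, and the rule names and function names are hypothetical.

```python
import json

# Constructed CloudTrail-style records, trimmed to the fields used below.
SAMPLE_LOG = json.loads("""{"Records": [
 {"eventTime": "2024-01-01T10:00:00Z", "eventSource": "signin.amazonaws.com",
  "eventName": "ConsoleLogin", "userIdentity": {"type": "IAMUser"},
  "requestParameters": null, "additionalEventData": {"MFAUsed": "No"}},
 {"eventTime": "2024-01-01T10:05:00Z", "eventSource": "iam.amazonaws.com",
  "eventName": "AttachUserPolicy", "userIdentity": {"type": "IAMUser"},
  "requestParameters": {"userName": "dev",
                        "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}},
 {"eventTime": "2024-01-01T10:09:00Z", "eventSource": "cloudtrail.amazonaws.com",
  "eventName": "StopLogging", "userIdentity": {"type": "Root"},
  "requestParameters": {"name": "example-trail"}},
 {"eventTime": "2024-01-01T10:12:00Z", "eventSource": "s3.amazonaws.com",
  "eventName": "GetObject", "userIdentity": {"type": "AssumedRole"},
  "requestParameters": {"bucketName": "example-bucket"}}
]}""")

ATTACH_CALLS = {"AttachUserPolicy", "AttachRolePolicy", "AttachGroupPolicy"}
TRAIL_CALLS = {"StopLogging", "DeleteTrail"}

def triage(record):
    """Return the names of all rules that a single CloudTrail record matches."""
    hits = []
    name = record.get("eventName", "")
    # These fields can be null in real records, so fall back to empty dicts.
    identity = record.get("userIdentity") or {}
    params = record.get("requestParameters") or {}
    extra = record.get("additionalEventData") or {}
    if identity.get("type") == "Root":
        hits.append("root-activity")
    if name == "ConsoleLogin" and extra.get("MFAUsed") == "No":
        hits.append("console-login-without-mfa")
    policy_arn = str(params.get("policyArn", ""))
    if name in ATTACH_CALLS and policy_arn.endswith(":policy/AdministratorAccess"):
        hits.append("admin-policy-attached")
    if record.get("eventSource") == "cloudtrail.amazonaws.com" and name in TRAIL_CALLS:
        hits.append("trail-tampering")
    return hits

def triage_log(log):
    """Flatten a log file into (eventTime, eventName, rule) tuples, one per hit."""
    return [(r.get("eventTime"), r.get("eventName"), hit)
            for r in log.get("Records", []) for hit in triage(r)]
```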

Cost Management

Often overlooked is Cost Management. This service gives you a full overview of the costs of your AWS account. Although in reality you might not always have access to the finance dashboards, it is important to know what to expect. With Cost Management you can:

When working with Cost Management services, it is crucial to use tags for all of your resources to be able to allocate them in your reports. Besides general allocation of your cloud resources, I think this is one of the most important use cases for tagging.

Be aware that for Cost Allocation Tags you need to have access to the paying AWS account. This comes into play especially when you are working with multiple AWS accounts and you want to allocate the costs to a specific account.



VPC

This service is kind of like the heart of your AWS account. A lot of services depend on it, so it is crucial to understand how it works. With AWS VPC you define your own virtual network in AWS, which provides, e.g. IP addresses, subnets for your resources or routing table management. When starting with AWS, several services need a VPC to be able to work, e.g. EC2 and RDS. In some cases you even need it for your Lambdas.
By default, you can use the so-called Default VPC, which is created automatically when you create your AWS account. But I highly recommend creating your own VPCs. The Default VPC comes with some limitations, especially when you want to run applications in production which need a lot of (internal) IP connections. Using VPCs, you need to take a closer look at networking. I know it can be a bit overwhelming at first, but it’s worth giving it a try.



Now what?

Mastering only these services will not make you an AWS expert, but they will help you gain better insights into the infrastructure you are working with. It is always good to have a solid understanding of basic services which are connected everywhere.
You can now start with your next AWS project (maybe a serverless one) while exploring the often overlooked AWS services as well.


  • Still don’t know where to start? Let’s take a look at our beginner-friendly serverless workshop for your team. The workshops can be done at your own pace, but don’t hesitate to reach out to us and chat with us about further assistance.

At superluminar we care

Good foundational knowledge is key to solving the problems our customers face. We encourage sharing knowledge among our team. This also means teaching basics to our Junior Consultants, not only with training on the job, but also by providing room for knowledge sharing at regular intervals. We do this e.g. with the Junior’s Thursday or our Collaboration Friday. Are you interested in sharing your knowledge in a super focused team? Let’s have a look at our open positions 🧑🏽‍💻👩🏻‍💻🔍
Still not sure? Let’s have a look at blog posts by our colleagues: Rebecca’s Interview 📚

🤔 What are your favourite AWS services to start a cloud journey?

photo by Matt Duncan on Unsplash


Nora is a Senior Cloud Consultant at superluminar and AWS Community Builder. She writes here mainly about DevOps, Infrastructure as Code and Observability. You can find Nora on Twitter and Instagram. She organises several events for the #WomenInTech Community.